Retention and Destruction/Disposal of Private and Confidential Information: Difference between revisions

no edit summary
mNo edit summary
No edit summary
Line 35: Line 35:
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big>
<big>'''Retention and Destruction/Disposal of Private and Confidential Information Policy'''</big>
== Basis for Policy ==
== Basis for Policy ==
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access.  NIST Special Publication 800-53 and the HIPAA Security Rule outline considerations for the access control family of security controls.   
Nebraska Medicine/UNMC implements reasonable and appropriate access controls in alignment with National Institute of Standards and Technology (NIST) standards and guidance to maintain the minimum necessary access.  [https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53] and the [https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule] outline considerations for the access control family of security controls.   
==Policy==
==Policy==
1#It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.  
1#It is the policy of the UNMC/Nebraska Medicine and its affiliated entities to ensure the privacy and security of confidential information in the maintenance, retention and eventual destruction/disposal of such media. All destruction/disposal of confidential information media will be done in accordance with federal and state law and pursuant to the [http://www.sos.ne.gov/records-management/schedule_170.html UNMC Record Retention Schedule]. Records that have satisfied the period of retention will be destroyed/disposed of in an appropriate manner.  
Line 114: Line 114:
*Contact the [mailto:infosecurity@unmc.edu Information Security Office]
*Contact the [mailto:infosecurity@unmc.edu Information Security Office]
*Contact Director, Environmental Services, at 402-559-6118, '''(do you have a better number for them?)'''  
*Contact Director, Environmental Services, at 402-559-6118, '''(do you have a better number for them?)'''  
*[mailto:rboldt@unmc.edu Recycling Coordinator]
**Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations
*Contact [mailto:rboldt@unmc.edu Recycling Coordinator]
*Contact [mailto:debrbishop@nebraskamed.com Privacy Officer]  
*Contact [mailto:debrbishop@nebraskamed.com Privacy Officer]  
*Procedure No. 6056, [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information]
*Procedure No. 6056, [https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information]
Line 121: Line 122:
*Radiology Dept. Policy, LR - 6.12, Retention/Disposal of Radiology Images
*Radiology Dept. Policy, LR - 6.12, Retention/Disposal of Radiology Images
*“Contract Management Policy”)
*“Contract Management Policy”)
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST Special Publication 800-53]
*[https://www.cdc.gov/phlp/publications/topic/hipaa.html#security-rule HIPAA Security Rule]


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].